Merge branch 'master' of https://git.corgi.wtf/Navy.gif/webserver-framework

testing nested permissions
no redirects
2022-11-23 00:38:11 +02:00 · 2022-11-23 00:38:07 +02:00 · 2022-11-23 00:37:51 +02:00 · 2022-11-23 00:37:26 +02:00
3 changed files with 42 additions and 3 deletions
--- a/src/server/endpoints/api/Users.js
+++ b/src/server/endpoints/api/Users.js
@ -8,7 +8,12 @@ class UsersEndpoint extends ApiEndpoint {
            path: '/users'
        });
-        this.methods.push([ 'get', this.getUsers.bind(this), [ server.auth.createAuthoriser('administrator', 10) ]]);
+        this.methods.push([ 'get', this.getUsers.bind(this) ]);
        this.subpaths = [
            [ '/:userid', 'get', this.user.bind(this) ],
            [ '/:userid/applications', 'get', this.userApplications.bind(this) ]
        ];
        this.middleware = [ server.auth.createAuthoriser('administrator', 10) ];
    }
@ -20,6 +25,23 @@ class UsersEndpoint extends ApiEndpoint {
        res.json(users.map(user => user.json));
    }
    async user (req, res) {
        const { params } = req;
        const { userid } = params;
        const user = await this.server.users.fetchUser(userid);
        if (!user) return res.status(404).end();
        res.json(user);
    }
    async userApplications (req, res) {
        const { params } = req;
        const { userid } = params;
        const user = await this.server.users.fetchUser(userid);
        if (!user) return res.status(404).send('Could not find the user');
        const applications = await user.fetchApplications();
        res.json(Object.values(applications).map(app => app.json));
    }
 }
 module.exports = UsersEndpoint;
--- a/src/server/middleware/Authenticator.js
+++ b/src/server/middleware/Authenticator.js
@ -87,7 +87,9 @@ class Authenticator {
        const bool = user?._2fa && !sess.verified && sess.loginMethod === 'password';
        const verifyPath = '/login/verify';
        // TODO: clean this up
-        if (bool && ![ verifyPath, '/api' + verifyPath ].includes(req.originalUrl)) return res.redirect(verifyPath);
+        if (bool && ![ verifyPath, '/api' + verifyPath ].includes(req.originalUrl)) {
            return res.status(401).json({ twoFactor: true }); // res.redirect(verifyPath);
        }
        next();
    }
--- a/src/server/structures/User.js
+++ b/src/server/structures/User.js
@ -5,7 +5,22 @@ const UserApplicataion = require('./UserApplication');
 class User {
-    static defaultPermissions = {};
+    static defaultPermissions = {
        developer: {
            default: 0
        },
        administrator: {
            default: 0
        },
        test: {
            default: 0,
            dingus: {
                bingus: {
                    default: 10
                }
            }
        }
    };
    static validTypes = [];
Author	SHA1	Message	Date
Navy.gif	9fc6950664	Merge branch 'master' of https://git.corgi.wtf/Navy.gif/webserver-framework	2022-11-23 00:38:11 +02:00
Navy.gif	eb9aef8023	testing nested permissions	2022-11-23 00:38:07 +02:00
Navy.gif	1b0345374b	no redirects	2022-11-23 00:37:51 +02:00
Navy.gif	363614659d	user applications endpoint	2022-11-23 00:37:26 +02:00